What are the risks associated with installing the above on a PC/laptop for doing data analysis?
Are the following mitigating measures valid?
a) apply regular patches for R & Python to fix vulnerabilities: as they're open source, are the patches
released on a timely/regular basis? I tend to think open source is lacking in this area
b) if patches are not applied regularly, can we isolate the PCs such that they have no Internet
access & no email clients to mitigate? I tend to think most breaches result from Internet,
email activities & infected USB devices
c) is it common that emails contain malicious python attachments?
d) Where can we subscribe to vulnerability news/updates for these 2 pieces of software?
e) Python and Ruby are dynamic platforms (freeware); we have to tighten the web application security if it’s being used for web applications. Python has flexible features that make it particularly useful for hacking?
Can we harden these & where to obtain such a hardening guide?